My Oracle Support Banner

Ohelp (in ORMB) Application Facing 403 Forbidden Error While Accessing From AD/SAML2 SSO (Doc ID 2676383.1)

Last updated on JUNE 09, 2020

Applies to:

Oracle Financial Services Revenue Management and Billing - Version and later
Information in this document applies to any platform.


On : version, ENV - Environment

ohelp (in ORMB) application facing 403 forbidden error while accessing from AD/SAML2 SSO. 

Customer was using ORMB application with SAML2 SSO configuration and ohelp page was inaccessible with 403 forbidden error. All other functionalities were working fine.

After updating SPLEBASE with new security roles with, they faced this issue.

They suspected ohelp application is not fetching "Web Principal Name" and "Application Viewer Prinicipal Name" which are in Active Directory to access the application from ORMB login.
Authentication Login Page Type: CLIENT-CERT
Web Security Role: cisusers
Web Principal Name: xxxx Prod
Application Viewer Security Role: cisusers
Application Viewer Principal Name: xxxx Prod
WebLogic JNDI User ID: svc_eloquencesu (default is system user in FORM LOGIN)
Upon checking ohelp application from deployment section, the security role section may not be using Active Directory group "xxxx Prod".

Where as other applications like SPLWeb and SPLService are using AD group. 

<weblogic.servlet.internal.ServletRequestImpl@14d3031b - /ohelp/help/: Writing headers for weblogic.servlet.internal.ServletRequestImpl@14d3031b - /ohelp/help/>
HTTP/1.1 403 Forbidden
Date: : Tue, 14 Apr 2020 00:57:43 GMT
Content-Length: : 1166
Content-Type: : text/html; charset=UTF-8
X-ORACLE-DMS-ECID: dcc55e99-fe09-4492-a65a-91b05b362563-0

How to resolve this issue?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.